mirror of
https://github.com/openai/codex.git
synced 2026-04-28 16:45:54 +00:00
183 lines
5.3 KiB
Markdown
183 lines
5.3 KiB
Markdown
# PR #2232: Support truststore when available and add tracing
|
|
|
|
- URL: https://github.com/openai/codex/pull/2232
|
|
- Author: pakrym-oai
|
|
- Created: 2025-08-12 16:01:09 UTC
|
|
- Updated: 2025-08-12 16:21:07 UTC
|
|
- Changes: +46/-3, Files changed: 1, Commits: 1
|
|
|
|
## Description
|
|
|
|
Supports minimal tracing and detection of working ssl cert.
|
|
|
|
## Full Diff
|
|
|
|
```diff
|
|
diff --git a/codex-rs/login/src/login_with_chatgpt.py b/codex-rs/login/src/login_with_chatgpt.py
|
|
index ddcc6e66c7..252c4e06ae 100644
|
|
--- a/codex-rs/login/src/login_with_chatgpt.py
|
|
+++ b/codex-rs/login/src/login_with_chatgpt.py
|
|
@@ -45,11 +45,54 @@
|
|
EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE = 13
|
|
|
|
CA_CONTEXT = None
|
|
+CODEX_LOGIN_TRACE = os.environ.get("CODEX_LOGIN_TRACE", "false") in ["true", "1"]
|
|
+
|
|
try:
|
|
- import ssl
|
|
- import certifi as _certifi
|
|
|
|
- CA_CONTEXT = ssl.create_default_context(cafile=_certifi.where())
|
|
+ def trace(msg: str) -> None:
|
|
+ if CODEX_LOGIN_TRACE:
|
|
+ print(msg)
|
|
+
|
|
+ def attempt_request(method: str) -> bool:
|
|
+ try:
|
|
+ with urllib.request.urlopen(
|
|
+ urllib.request.Request(
|
|
+ f"{DEFAULT_ISSUER}/.well-known/openid-configuration",
|
|
+ method="GET",
|
|
+ ),
|
|
+ context=CA_CONTEXT,
|
|
+ ) as resp:
|
|
+ if resp.status != 200:
|
|
+ trace(f"Request using {method} failed: {resp.status}")
|
|
+ return False
|
|
+
|
|
+ trace(f"Request using {method} succeeded")
|
|
+ return True
|
|
+ except Exception as e:
|
|
+ trace(f"Request using {method} failed: {e}")
|
|
+ return False
|
|
+
|
|
+ status = attempt_request("default settings")
|
|
+ if not status:
|
|
+ try:
|
|
+ import truststore
|
|
+
|
|
+ truststore.inject_into_ssl()
|
|
+ status = attempt_request("truststore")
|
|
+ except Exception as e:
|
|
+ trace(f"Failed to use truststore: {e}")
|
|
+
|
|
+ if not status:
|
|
+ try:
|
|
+ import ssl
|
|
+ import certifi as _certifi
|
|
+
|
|
+ CA_CONTEXT = ssl.create_default_context(cafile=_certifi.where())
|
|
+ status = attempt_request("certify")
|
|
+ except Exception as e:
|
|
+ trace(f"Failed to use certify: {e}")
|
|
+
|
|
+
|
|
except Exception:
|
|
pass
|
|
```
|
|
|
|
## Review Comments
|
|
|
|
### codex-rs/login/src/login_with_chatgpt.py
|
|
|
|
- Created: 2025-08-12 16:08:03 UTC | Link: https://github.com/openai/codex/pull/2232#discussion_r2270452078
|
|
|
|
```diff
|
|
@@ -45,11 +45,54 @@
|
|
EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE = 13
|
|
|
|
CA_CONTEXT = None
|
|
+CODEX_LOGIN_TRACE = os.environ.get("CODEX_LOGIN_TRACE", "false") in ["true", "1"]
|
|
+
|
|
try:
|
|
- import ssl
|
|
- import certifi as _certifi
|
|
|
|
- CA_CONTEXT = ssl.create_default_context(cafile=_certifi.where())
|
|
+ def trace(msg: str) -> None:
|
|
+ if CODEX_LOGIN_TRACE:
|
|
+ print(msg)
|
|
+
|
|
+ def attempt_request(method: str) -> bool:
|
|
+ try:
|
|
+ with urllib.request.urlopen(
|
|
+ urllib.request.Request(
|
|
+ f"{DEFAULT_ISSUER}/.well-known/openid-configuration",
|
|
+ method="GET",
|
|
+ ),
|
|
+ context=CA_CONTEXT,
|
|
+ ) as resp:
|
|
+ if resp.status != 200:
|
|
+ trace(f"Request using {method} failed: {resp.status}")
|
|
+ return False
|
|
+
|
|
+ trace(f"Request using {method} succeeded")
|
|
+ return True
|
|
+ except Exception as e:
|
|
+ trace(f"Request using {method} failed: {e}")
|
|
+ return False
|
|
+
|
|
+ status = attempt_request("default settings")
|
|
+ if not status:
|
|
+ try:
|
|
+ import truststore
|
|
```
|
|
|
|
> Is this third-party dep commonly installed?
|
|
>
|
|
> https://pypi.org/project/truststore/
|
|
|
|
- Created: 2025-08-12 16:08:51 UTC | Link: https://github.com/openai/codex/pull/2232#discussion_r2270454760
|
|
|
|
```diff
|
|
@@ -45,11 +45,54 @@
|
|
EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE = 13
|
|
|
|
CA_CONTEXT = None
|
|
+CODEX_LOGIN_TRACE = os.environ.get("CODEX_LOGIN_TRACE", "false") in ["true", "1"]
|
|
+
|
|
try:
|
|
- import ssl
|
|
- import certifi as _certifi
|
|
|
|
- CA_CONTEXT = ssl.create_default_context(cafile=_certifi.where())
|
|
+ def trace(msg: str) -> None:
|
|
+ if CODEX_LOGIN_TRACE:
|
|
+ print(msg)
|
|
+
|
|
+ def attempt_request(method: str) -> bool:
|
|
+ try:
|
|
+ with urllib.request.urlopen(
|
|
+ urllib.request.Request(
|
|
+ f"{DEFAULT_ISSUER}/.well-known/openid-configuration",
|
|
+ method="GET",
|
|
+ ),
|
|
+ context=CA_CONTEXT,
|
|
+ ) as resp:
|
|
+ if resp.status != 200:
|
|
+ trace(f"Request using {method} failed: {resp.status}")
|
|
+ return False
|
|
+
|
|
+ trace(f"Request using {method} succeeded")
|
|
+ return True
|
|
+ except Exception as e:
|
|
+ trace(f"Request using {method} failed: {e}")
|
|
+ return False
|
|
+
|
|
+ status = attempt_request("default settings")
|
|
+ if not status:
|
|
+ try:
|
|
+ import truststore
|
|
+
|
|
+ truststore.inject_into_ssl()
|
|
+ status = attempt_request("truststore")
|
|
+ except Exception as e:
|
|
+ trace(f"Failed to use truststore: {e}")
|
|
+
|
|
+ if not status:
|
|
+ try:
|
|
+ import ssl
|
|
+ import certifi as _certifi
|
|
```
|
|
|
|
> Though I guess so is this... https://pypi.org/project/certifi/ |